[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3299 Introduced in House (IH)]
113th CONGRESS
1st Session
H. R. 3299
To amend section 340A of the Public Health Service Act to protect the
privacy of personally identifiable information in relation to
enrollment activities of health insurance exchanges, and for other
purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
October 16, 2013
Mr. Ross introduced the following bill; which was referred to the
Committee on Energy and Commerce, and in addition to the Committee on
Ways and Means, for a period to be subsequently determined by the
Speaker, in each case for consideration of such provisions as fall
within the jurisdiction of the committee concerned
_______________________________________________________________________
A BILL
To amend section 340A of the Public Health Service Act to protect the
privacy of personally identifiable information in relation to
enrollment activities of health insurance exchanges, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Security Before Access Act of
2013''.
SEC. 2. PROTECTING THE PRIVACY OF PERSONALLY IDENTIFIABLE INFORMATION
IN ENROLLMENT ACTIVITIES OF HEALTH INSURANCE EXCHANGES.
(a) In General.--Section 340A(c) of the Public Health Service Act
(42 U.S.C. 256a(c)) is amended by adding at the end the following new
paragraph:
``(3) Ensuring privacy of personally identifiable
information; liability; penalties; consumer opt out.--
``(A) In general.--The Secretary shall require each
recipient of a grant under this section to implement
procedures specified by the Secretary consistent with
this paragraph in order protect the privacy of
personally identifiable information.
``(B) Required procedures.--The procedures
specified by the Secretary under subparagraph (A) shall
include at least the following:
``(i) Prohibition of access without
explicit consent.--No certified application
counselor, health insurance navigator, or non-
navigator assistance personnel shall have
access to personally identifiable information
relating to an individual without the express,
witnessed, written consent of that individual.
``(ii) Requiring licensure, background
checks.--No such individual shall have access
to personally identifiable information unless
the individual--
``(I) has undergone, within 60 days
before commencing enrollment assistance
for any consumer seeking coverage
through health insurance exchanges,
both a criminal background and
fingerprint check and has a clean
record free of criminal infractions;
and
``(II) meets educational and
licensure requirements that are
identical or comparable to those
currently applicable to health
insurance agents and brokers within the
State they seek to assist consumers
with health insurance enrollment.
``(iii) Requirement for prior certification
of safeguards.--The recipient of the grant may
not collect personally identifiable information
for any reason until the Comptroller General of
the United States, in agreement with the
Inspector General of the Department of Health
and Human Services, certifies to Congress that
such Department, along with any other relevant
Federal agencies involved with health insurance
assistance or enrollment, or collection or
verification of personally identifiable
information, have implemented all appropriate
and necessary actions to safeguard both the
such information and financial information of
individuals seeking enrollment in a health plan
through an Exchange and to protect such
individuals from fraud and abuse.
``(C) Liability.--Not later than 90 days after the
date of the enactment of this paragraph, the
Secretary--
``(i) shall issue guidance concerning how
liability and penalties will be applied in
instances of failure to comply with
requirements of this paragraph, including where
consumer outreach and enrollment assistance
causes harm to an individual as a result of
misuse or negligence in protection and privacy
of personally identifiable information;
``(ii) shall determine whether such
liability lies with the person (such as a
navigator, certified application counselor, or
non-navigator assistance personnel) having
direct contact with the prospective enrollee in
enrollment assistance-related actions or
whether liability lies with the entity that
received Federal or Exchange-generated funds to
carry out consumer outreach activities; and
``(iii) shall determine whether the
entities identified under clause (ii) are
required to obtain professional liability
coverage.
``(D) Penalties.--
``(i) Criminal penalties.--
``(I) Any individual or entity who,
under this section, has possession of,
or access to, personally identifiable
information the disclosure of which is
prohibited by this section (or section
552a of title 5, United States Code) or
by rules or regulations established
thereunder, and who knowing that
disclosure of the specific material is
so prohibited, willfully discloses the
material in any manner to any person or
entity not entitled to receive it,
shall be guilty of a misdemeanor and
fined not more than $5,000.
``(II) A person who commits the
offense described under subclause (I)
with the intent to sell, transfer, or
use personally identifiable information
for commercial advantage, personal
gain, or malicious harm shall be fined
not more than $250,000, imprisoned for
not more than 10 years, or both.
``(III) Any person who knowingly
and willfully requests or obtains any
personally identifiable information
protected under this section concerning
an individual under false pretenses
shall be guilty of a felony and fined
not more than $100,000, imprisoned for
not more than 5 years, or both.
``(ii) Potential exposure to tax penalty.--
Any navigator, certified application counselor,
or non-navigator assistance personnel who
engages in health plan enrollment consumer
assistance activities under this section and
who is exposed to consumer tax return
information is potentially subject to criminal
liability under section 7213(a) of the Internal
Revenue Code of 1986 for any instances of
unauthorized disclosure of such information.
``(iii) Disqualification from further
assistance.--If the Secretary determines that
any individual, including any navigator,
certified application counselor, or non-
navigator assistance personnel, has a criminal
background or is otherwise in violation of this
paragraph with respect to the requirements
relating to disclosure and use of personally
identifiable information, the Secretary shall
permanently disqualify the individual from any
further involvement in consumer assistance
activities required under this section or the
Patient Protection and Affordable Care Act and
may disqualify and rescind the Federal and
Exchange-generated funds from the entity which
employs or contracts with such an individual.
``(E) Consumer opt out for lack of privacy
protection.--Beginning on the date of health insurance
exchange operations for both individuals and
businesses, no individual consumer shall be made
responsible for failure to meet a requirement under the
Patient Protection and Affordable Care Act (including
any amendments made by this Act) for obtaining
qualified health insurance coverage through an Exchange
unless the Secretary has demonstrated with reasonable
certainty that effective and comprehensive protection
of personally identifiable information, with respect to
any health insurance enrollment activity electronic or
otherwise, are in place prior to any consumer
disclosure or transmission of personally identifiable
information for health insurance enrollment purposes.
``(F) Personally identifiable information
defined.--In this paragraph, the term `personally
identifiable information' includes Social Security
numbers, bank account information, insurance records,
health records, personal income data, and any other
information deemed personally identifiable and
sensitive in nature by the Federal Trade Commission,
the Department of Justice, the Social Security
Administration, the Consumer Financial Protection
Bureau, the President's Task Force on Identity Theft,
and any other relevant Federal agency, which is
disclosed or obtained in connection with any health
insurance enrollment activity conducted under this
section.''.
(b) Effective Date.--The amendment made by subsection (a) shall
take effect on the date of the enactment of this Act and shall apply to
grants made before, on, or after the date of the enactment of this Act.
The Secretary of Health and Human Services shall provide for the prompt
modification of such grants made before the date of the enactment of
this Act in order to comply with the requirement imposed by such
amendment.
<all>